Hi, On Mon, May 30, 2016 at 05:46:48PM +0200, Pavel Grunt wrote:
> Use g_ascii_strtoll because it helps to detect overflow.
>
> Related: rhbz#1335239
Acked-by: Victor Toso <victortoso@xxxxxxxxxx>
> ---
> src/spice-uri.c | 8 ++++++--
> tests/test-spice-uri.c | 2 ++
> 2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/spice-uri.c b/src/spice-uri.c
> index ea25aaa..7eec6e5 100644
> --- a/src/spice-uri.c
> +++ b/src/spice-uri.c
> @@ -170,8 +170,8 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
> uri_port = uriv[1];
>
> if (uri_port != NULL) {
> - char *endptr;
> - guint port = strtoul(uri_port, &endptr, 10);
> + gchar *endptr;
> + gint64 port = g_ascii_strtoll(uri_port, &endptr, 10);
> if (*endptr != '\0') {
> g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
> "Invalid uri port: %s", uri_port);
> @@ -180,6 +180,10 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
> g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Missing uri port");
> goto end;
> }
> + if (port <= 0 || port > 65535) {
> + g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED, "Port out of range");
> + goto end;
> + }
> spice_uri_set_port(self, port);
> }
>
> diff --git a/tests/test-spice-uri.c b/tests/test-spice-uri.c
> index d1dcc59..dca2101 100644
> --- a/tests/test-spice-uri.c
> +++ b/tests/test-spice-uri.c
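Review bot: `g_ascii_strtoll()` follows strtoll() in skipping leading whitespace and accepting a sign, so in the first hunk a port written as `+80` or with leading blanks still converts to 80 and passes the `*endptr != '\0'` check. If the port field is meant to be digits only, a guard ahead of the conversion such as `if (*uri_port == '+' || g_ascii_isspace(*uri_port))`, routed to the existing "Invalid uri port" error, would reject those forms; negative values already fall to the range check. Whether whitespace can reach `uri_port` at all depends on how `uriv` is split, which is outside the hunk.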
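Review bot: The range check added in the second hunk is also the only thing that rejects a 64-bit overflow, because `g_ascii_strtoll()` signals it just by returning `G_MININT64` or `G_MAXINT64` and setting errno, and errno is not tested. A short comment above the check would keep that dependency visible, for example `/* also rejects G_MININT64/G_MAXINT64 returned on overflow */`. `spice_uri_set_port(self, port)` now receives a `gint64`; its parameter type is not visible here, so an explicit `(guint)port` after the check would make the narrowing intentional. spice_uri_parse starts and ends outside the hunk.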
> @@ -37,6 +37,8 @@ static void test_spice_uri_ipv4_bad(void)
> {"http://127.0.0.1:port", "http", "127.0.0.1", 3128, NULL, NULL,
> "Invalid uri port: port"},
> {"http://127.0.0.1:", "http", "127.0.0.1", 3128, NULL, NULL, "Missing uri port"},
> + {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
> + {"http://127.0.0.1:8000000", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
> };
>
> guint i;
> --
> 2.8.3
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel
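Review bot: The two added rows do not cover the case the commit message names, a value too large for the integer type, nor the edges of the accepted range. Rows such as `{"http://127.0.0.1:65536", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},`, the same with `:0`, and one with a port longer than 19 digits would pin both boundaries and the overflow path. A value just above 2^32, such as `:4294967376`, would presumably have wrapped to 80 under the old `strtoul`-into-`guint` code on LP64 platforms, so it makes a useful regression row. The table and the test function continue outside the hunk.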